PHP and mysqli_connect()
https://byteshift.wordpress.com/2013/08/04/php-and-mysqli_connect/ (Sun, 04 Aug 2013 04:24:55 +0000)

Here is a tip that may save you a couple of hours: if you want to connect to a MySQL server on a port other than the default 3306, do not use “localhost” as $host, because both mysqli_connect() and the deprecated mysql_connect() ignore the port argument in that case.

Now I am wondering if it is possible to toggle off the NX (NX stands for Never eXecute) bit, just like we can do with the 16th bit of cr0 for read-only pages…

SQL Injection back in 2006
https://byteshift.wordpress.com/2013/05/10/sql-injection-back-on-2006/ (Fri, 10 May 2013 23:11:41 +0000)

Many years ago a friend of mine came around with an idea, not new even back in those days, but fun anyway.

The idea was to automate SQL Injection attacks by using search engines to find vulnerable targets.

Integrated with a tiny Delphi malware (yes, Delphi 0_o), it became powerful.

This code lies in a separate part of my heart (yes, I do have a heart), not because it was 31337 (it wasn’t!) or extremely advanced, but only because it was fun to write.

I did not run the code in the wild, not even once, truly. I wrote it with the help of other people who tested it while I was writing it, back in 2006 when the internet was a savage place with practically no rules. Nowadays things have changed a lot and everything you do is either illegal or shameful, so I do nothing like this anymore.

This code is outdated and no longer works, so it is not of much use, even less so because the Delphi malware is not included, but I would like to share Volatile myself because other people already did, so it is my right, right?

I believe I’ll sleep well; apart from that, this software has already been out there on the internet since 2006 and it was even used for teaching computer security in a few universities.

It takes basically three steps to accomplish complete control over remote computers running ASP + Windows:

– Find possibly vulnerable targets using a web search engine, applying a specific SQL command and testing its return; if the result was an error, then:

+ Perform a cmd_shell command pinging the origin IP; Volatile would then start an ICMP sniffer to see whether ICMP packets arrived from the remote target; if so:

– Execute a new cmd_shell command downloading and executing the malware from a different remote host. Such malware would take control over the box, send a screenshot and start listening on a specific port (backdoor), waiting for connections.

– It would keep running through hundreds of possibly vulnerable machines, creating a list of compromised hosts.

Fun enough, but nowadays pretty illegal, and I do not recommend that anyone do anything similar in the times we live in, so it is a fossil, kept only for posterity (my own) appreciation.

Hidden pids
https://byteshift.wordpress.com/2013/04/12/hidden-pids/ (Fri, 12 Apr 2013 23:02:00 +0000)

After a few years I found myself looking for some code I wrote after suspecting that my system was behaving weirdly while I was using the Chrome browser; I thought I could take a deeper look at the running PIDs to see if there was anything suspicious.

Some time ago, in ancient days, I was a fanatic Slackware user (I am not anymore), and the system/kernel/applications of those times didn’t have the annoying approach of hiding some of their PIDs; that was a rootkit approach only. Times have changed since then.

When you perform a simple “ps -ax” on your Linux system nowadays, lots of running processes are hidden from userland tools like ps. Actually I don’t know exactly why, but anyway the following code may help you to locate those PIDs on your system.